Blue Prism 6.9.1: August 2022

Click this icon on the toolbar to view and download a PDF version of the release notes.

The table below summarizes the components that relate directly to this Blue Prism Enterprise release.



This release requires the Blue Prism database to be this version.

Login agent


There have been no functional updates to the Blue Prism Login Agent. The version of Login Agent that is provided with this release of Blue Prism has the same functionality as the version provided with Blue Prism 6.7.

Browser extensions
(for Chrome, Firefox,
and Edge)

See Browser extension versions

For the latest compatibility information, see the browser compatibility matrix.

Data Gateways engine


The Data Gateways engine version 1.2 or 1.4 (recommended) must be installed to use Data Gateways with this version of Blue Prism.

Download the installer from the Blue Prism Portal – select Product > Blue Prism Enterprise > Extras.

Applying this patch release

To upgrade to this version, this patch release must be applied to all the following components throughout your Blue Prism environment for it to be operational:

Interactive clients Runtime resources Application servers




Please review the upgrade notices for more details if you are upgrading from a Blue Prism version earlier than 6.9.

Known issues

A list of any prominent issues with this release is maintained in the knowledge base – click here for more information.

Secure development policy

(Undefined variable: General.NoPipeCompanyName)’s secure development process is a market-leading, embedded security culture, focused on delivering security excellence through four key principles:

  • Education – Providing up-to-date knowledge, information, and training to the development team.
  • Evaluation – Regular reviews of our products using industry standard frameworks and security tools.
  • Elimination – Remove potential threats through the evaluation of standards, compliance, and performance.
  • Evolution – Continued improvement of our security program, ensuring alignment with our product technologies and by reacting effectively to new and emerging threats.

(Undefined variable: General.NoPipeCompanyName) secure development is based on OWASP ASVS, ISO 27034 and GDPR Article 25 standards and practices. For more information, see (Undefined variable: General.NoPipeCompanyName)'s comprehensive secure development process.

Fixes and minor improvements

Description of change


Various security improvements around server permissions and communication have been made in this release.

The following Common Vulnerabilities and Exposures (CVEs) have been addressed:

  • CVE-2022-36117
  • CVE-2022-36119
  • CVE-2022-36120
  • CVE-2022-36662

For details of these CVEs, see Security Vulnerabilities August 2022 on the customer portal.


The following enhancements have been made to the Blue Prism connection configuration functionality:

  • If using the following connection modes with a Blue Prism Server connection, a Service Principal Name (SPN) must be configured against the Active Directory account under which each Blue Prism Server service instance is running:
    • WCF: SOAP with Message Encryption & Windows Authentication
    • WCF: SOAP with Transport Encryption & Windows Authentication
    • .NET Remoting Secure
  • This is because when a Blue Prism interactive client or a runtime resource connects to an application server using one of the connection modes above, the Microsoft Negotiate Security Package is used to select the best Security Support Provider (SSP) to authenticate the connection. The internal code of the Blue Prism interactive client provides the expected SPN to the Microsoft Negotiation Security Package, which prompts Microsoft Negotiation to select the Kerberos SSP over New Technology LAN Manager (NTLM) SSP, provided the SPN is present in Active Directory.
  • This configuration applies to all Blue Prism environments, however, if the Active Directory account under which the BP Server instances are running resides in a different domain to the Active Directory account used for the Blue Prism interactive client and runtime resource, the following settings must be configured in Automate C:
    • /setkerberosrealm – For example, /setkerberosrealm must be configured for each BP Server connection in the interactive client where the user's Kerberos realm is different to that of the account configured to run BP Server. The Kerberos realm is usually the same as the domain name, however, please check with your IT team for the correct value.
    • /forcentlm <flag> – For example, /forcentlm true. This forces Microsoft Negotiate Security Package to select New Technology LAN Manager (NTLM) as the Security Support Provider (SSP) when authenticating connections. This option is provided so that NTLM can be used when Kerberos is unavailable or not configured.

Please consult with your security team before enabling this option as NTLM is considered a less secure protocol. For more information, see the Blue Prism Enterprise installation guide.



Browser extension versions

The table below shows when each Blue Prism extension, compatible with this release was introduced. For details of the latest browser versions Blue Prism is tested against, see the Browser extension compatibility matrix.

Browser Blue Prism extension versions


Blue Prism 6.9 Browser Extension (2.2.0)

Edge Chromium

Blue Prism 6.9 Browser Extension (2.2.0)


Blue Prism 6.9 Browser Extension – 2.1.0 (installed) or 2.2.0 (recommended) to address known issue BP-2055